feat: construct library for ECS #1058

Merged
merged 165 commits into from
Nov 6, 2018
Changes from 158 commits
939452c
Ignore swp files
SoManyHs Aug 23, 2018
7302a2f
Add ECS lib and example
SoManyHs Aug 23, 2018
4c7127a
Add service and task def constructs
SoManyHs Aug 24, 2018
98749ec
WIP adding VPC/ASG
SoManyHs Aug 24, 2018
6d0942f
Refactor ECS demo
Aug 24, 2018
bddfe56
Add more props on Service
SoManyHs Aug 24, 2018
3574611
Add TODO for AMI IDs
SoManyHs Sep 6, 2018
a63c377
Weird hack?
SoManyHs Sep 7, 2018
b00e0dd
Update example to instantiate service separately
SoManyHs Sep 7, 2018
80ba2e4
WIP Add Container Definitions
SoManyHs Sep 12, 2018
0980f52
WIP Add other Task Def properties
SoManyHs Sep 14, 2018
8648540
Merge remote-tracking branch 'official/master' into ecs-demo
Sep 28, 2018
2d53d89
Indentation 4 -> 2
Sep 28, 2018
dbdab86
Fix type errors
Sep 28, 2018
ee6b427
Use SSM parameter for ECS Optimized AMI
SoManyHs Sep 28, 2018
2b16dad
Move containerdefinition to its own file
Sep 28, 2018
16a92c0
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Sep 28, 2018
ae881c2
Turning ContainerDefinition into a construct
Sep 28, 2018
0672e6a
Add enum for placement constraints
SoManyHs Oct 1, 2018
4f93a5b
Rename fleet to autoScalingGroup
SoManyHs Oct 1, 2018
9b61b89
Qualify "PlacementConstraintType" usage with package name
Oct 1, 2018
98bf81b
ECR can return itself as container image
Oct 1, 2018
ae1d525
Automatically generate execution and task roles
Oct 1, 2018
23072a9
Make taskRole public
Oct 1, 2018
e5cc7f2
Remove shellCommand from healthCheck
SoManyHs Oct 1, 2018
047eed8
Rename toContainerDefinitionJson to renderContainerDefinition
SoManyHs Oct 1, 2018
65d3f79
Some work on Service
Oct 1, 2018
11541d3
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Oct 1, 2018
fb17532
Separate Fargate and ECS clusters
SoManyHs Oct 1, 2018
be8cb86
Separate ECS and Fargate Service
SoManyHs Oct 1, 2018
b8cce3a
Separate ECS/Fargate TaskDefinition
SoManyHs Oct 1, 2018
2741608
Fix lint errors
SoManyHs Oct 1, 2018
a901912
Fix lint errors
SoManyHs Oct 1, 2018
a91bda7
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Oct 2, 2018
51adff5
Fix bugs in service and task def
SoManyHs Oct 2, 2018
70ae682
Fix AMI ID getter for ECS clusters
SoManyHs Oct 2, 2018
298e0a7
Add Capabilities in Linux Parameters on ContainerDefs
SoManyHs Oct 2, 2018
1541edd
Add Capabilities in Linux Parameters on ContainerDefs
SoManyHs Oct 2, 2018
a154d09
Add default arg to SSMProvider.getString
SoManyHs Oct 2, 2018
4b46685
Add Devices to LinuxParameters
SoManyHs Oct 2, 2018
9875c6e
Add Tmpfs to LinuxParameters
SoManyHs Oct 2, 2018
1044d1c
Update ecs demo with full Linux Parameters example
SoManyHs Oct 2, 2018
e7f8000
Rename renderLogDriver
SoManyHs Oct 2, 2018
e7f7b7d
Do most of Service
Oct 2, 2018
dda869d
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Oct 2, 2018
97083dc
Add Ulimits
SoManyHs Oct 2, 2018
a3e3615
Fix log driver
SoManyHs Oct 2, 2018
b913f0e
Make add* functions consistently plural
SoManyHs Oct 2, 2018
fd21c0d
Make load balancers respect network mode
Oct 2, 2018
3b4695c
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Oct 2, 2018
187f62b
Make add* functions consistently plural
SoManyHs Oct 2, 2018
6912e3f
Add portMappings to ContainerDefinition
SoManyHs Oct 2, 2018
2bf2d57
Missing semicolons
SoManyHs Oct 2, 2018
f477d8d
Add MountPoints to ContainerDefinition
SoManyHs Oct 2, 2018
b947f51
Change 'addContainer' to take the props and return ContainerDefinition.
Oct 2, 2018
ab83d35
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Oct 2, 2018
30cb925
Add VolumesFrom to ContainerDefinition
SoManyHs Oct 2, 2018
c64e184
Add fargate example for demo purposes
SoManyHs Oct 3, 2018
566aac3
Remove Service Role, fix DesiredCount default, make task memory defin…
Oct 3, 2018
96e3105
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Oct 3, 2018
48cd8d4
Starting on port mapping defaults
Oct 3, 2018
e311293
Add validation on port mappings with tests
SoManyHs Oct 3, 2018
4ffed09
Implement ingressPort method
SoManyHs Oct 3, 2018
97d3db3
Make ALB listener ACTUALLY default to 'true'
Oct 4, 2018
4f9b548
Add dependency on listener
SoManyHs Oct 4, 2018
e8aa186
Integ test for Fargate service
SoManyHs Oct 4, 2018
eb4a562
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Oct 4, 2018
e06a3ec
Add VolumesFrom to ContainerDefinition
SoManyHs Oct 2, 2018
95b8d84
Add fargate example for demo purposes
SoManyHs Oct 3, 2018
5595707
Starting on port mapping defaults
Oct 3, 2018
a1b78f4
Make ALB listener ACTUALLY default to 'true'
Oct 4, 2018
6f08406
Add validation on port mappings with tests
SoManyHs Oct 3, 2018
5312362
Implement ingressPort method
SoManyHs Oct 3, 2018
6f42026
Add dependency on listener
SoManyHs Oct 4, 2018
1983858
Integ test for Fargate service
SoManyHs Oct 4, 2018
4ea6b8b
hello-cdk-fargate example works
SoManyHs Oct 4, 2018
e34d515
Add lazy evaluation of network configuration property
SoManyHs Oct 4, 2018
bf90c27
Add LoadBalancedFargateService L3 construct
SoManyHs Oct 4, 2018
ffbad9f
Start LoadBalancedFargateServiceApplet
SoManyHs Oct 4, 2018
d1b22bd
Application AutoScaling WIP
Oct 4, 2018
7840634
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Oct 4, 2018
d1ec640
Make declarative example work
Oct 4, 2018
36e1ba2
Add import exports to Cluster
SoManyHs Oct 5, 2018
178898f
Fix portMappings/ingressPort
SoManyHs Oct 5, 2018
b73bdad
Clean up fargate integ test
SoManyHs Oct 5, 2018
049557e
Add integ test for load balanced service in bridge mode
SoManyHs Oct 5, 2018
2295ef2
Add integ test for awsvpc network mode on EcsCluster
SoManyHs Oct 5, 2018
f34c23c
Fix ingress/containerPort on LBs
SoManyHs Oct 5, 2018
c491a1d
Cleanup example
SoManyHs Oct 5, 2018
430f81e
Add cloudwatch metrics
SoManyHs Oct 5, 2018
dca6972
Bridge mode works with host port specified
SoManyHs Oct 5, 2018
cf528d6
Merge remote-tracking branch 'origin/master' into ecs-demo
Oct 12, 2018
ef51786
Fix libs to be in line with latest API changes from master
Oct 12, 2018
c3b543a
Merge remote-tracking branch 'origin/master' into ecs-demo
Oct 15, 2018
64b6d06
Fix build errors
Oct 17, 2018
af5a2a4
Merge remote-tracking branch 'origin/master' into ecs-demo
Oct 17, 2018
51097fd
Fix ingressPort/containerPort tests
SoManyHs Oct 22, 2018
a8f50e4
Add AssetImage: Docker image built from source
Oct 18, 2018
4baaeef
feat(aws-cdk): allow uploading Docker images as assets
Oct 18, 2018
7b19dd2
Add LoadBalancedEcsService L3 Construct
SoManyHs Oct 22, 2018
71766e1
More logging, blacklist manifest parts.
Oct 25, 2018
9bea6be
Add ability to specify cluster size
SoManyHs Oct 24, 2018
4ab455c
Merge remote-tracking branch 'origin/master' into ecs-demo
Oct 26, 2018
be9f447
feat(aws-ecs): add Task AutoScaling to Service
Oct 26, 2018
2eab513
Add unit tests for EcsCluster
SoManyHs Oct 26, 2018
57857a9
Merge branch 'master' into ecs-demo
SoManyHs Oct 29, 2018
4cf23fc
Unit tests for Cluster
SoManyHs Oct 29, 2018
37d3c4e
Set volumes on TaskDefinition
SoManyHs Oct 30, 2018
1ad3669
Clarify doc string for memoryLimit and memoryReservation
SoManyHs Oct 30, 2018
78d2a49
WIP Unit tests on EcsTaskDefinition
SoManyHs Oct 30, 2018
ca61a74
WIP Unit tests for EcsService
SoManyHs Oct 30, 2018
98345b3
WIP Unit tests for FargateService
SoManyHs Oct 30, 2018
35ebd9c
WIP unit tests Fargate Task Definition
SoManyHs Oct 30, 2018
7bbe9bb
feat(applets): integrate into toolkit
Oct 29, 2018
09a182a
Merge branch 'huijbers/autoscaling' into ecs-demo
Oct 30, 2018
2fd2e7c
Add docs and readme and a couple of tests
Oct 30, 2018
9825127
Unit test for error case on service creation
SoManyHs Oct 30, 2018
eea141e
Merge remote-tracking branch 'SoManyHs/ecs/local-image' into ecs-demo
Oct 31, 2018
67761f5
Merge remote-tracking branch 'origin/huijbers/applets' into ecs-demo
Oct 31, 2018
ccd8f34
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Oct 31, 2018
15755d0
Add integ test expectations
Oct 31, 2018
c28393a
Merge branch 'ecs-demo' of github.com:SoManyHs/aws-cdk into ecs-demo
Oct 31, 2018
7faa05d
Revert "feat(applets): integrate into toolkit"
Oct 31, 2018
4f561cd
Run build
Oct 31, 2018
47e5251
Fix tests
Oct 31, 2018
6152ddc
Update readme
SoManyHs Oct 31, 2018
62ff3a4
Remove cdk.json files
SoManyHs Oct 31, 2018
b2fa1db
Update error message
SoManyHs Nov 1, 2018
410d263
Rename Ecs resources to Ec2*
SoManyHs Nov 1, 2018
360d42f
Add test for adding Ulimit
SoManyHs Nov 1, 2018
8c76aa4
Add test for adding links
SoManyHs Nov 1, 2018
45a82c8
Fix asset tests
Nov 1, 2018
631c35d
Incorporate previous PR review comments
Nov 1, 2018
013a52c
Don't forget to unignore bundled .js file
Nov 1, 2018
ce083db
Review comments
Nov 1, 2018
73680ef
Fix integ expectation locations
Nov 1, 2018
61c0edb
Update unit test in line with new 'Dockerfile' presence test
Nov 1, 2018
3a7778b
Fix test for asset image
Nov 1, 2018
6e5c3b2
Merge remote-tracking branch 'origin/master' into ecs-demo
Nov 1, 2018
36687dc
Merge remote-tracking branch 'origin/master' into ecs-demo
Nov 1, 2018
ca9fcb3
Exercise handler in unit tests
Nov 1, 2018
0dbbe63
Fix container healthCheck defaults
SoManyHs Nov 1, 2018
cc69519
Add ScratchSpace method
SoManyHs Nov 2, 2018
645b9a0
Fix aws-sdk stubbing by bringing in an external dependency
Nov 2, 2018
4ed101b
Fix handler, update expectation
Nov 2, 2018
54e4665
Minor tweaks that Clare wanted to see
Nov 2, 2018
e2d338f
Rename autoscaling methods so C# doesn't complain
Nov 2, 2018
b0f54a8
Set ECS_AWSVPC_BLOCK_IMDS=true config option
Nov 2, 2018
8f0f6b1
Update test expectation
Nov 4, 2018
15b8804
Add helper scripts to compile sources faster
Nov 4, 2018
07f1f57
Extract capacity from EC2 cluster
Nov 4, 2018
d883432
Fix rename of members on ScalableTaskCount
Nov 4, 2018
edd4d5f
Make a generic TaskDefinition for both launch types
Nov 5, 2018
ed0956a
Fix import
Nov 5, 2018
33a35b9
One EcsCluster to Rule Them All
SoManyHs Nov 5, 2018
2431901
Update README
SoManyHs Nov 6, 2018
7c0a148
Update integ test expectations
SoManyHs Nov 6, 2018
32db35d
Add moar unit tests
SoManyHs Nov 6, 2018
233a376
Rename EcsCluster => Cluster, add slightly more handler tests
Nov 6, 2018
b616248
Make a single static accessor for all types of Container images
Nov 6, 2018
ea6eeae
Small fixes
Nov 6, 2018
98990b4
Re-add missing handler
Nov 6, 2018
ffa7360
Merge remote-tracking branch 'origin/master' into ecs-demo
Nov 6, 2018
908db1f
Oops wrong name
Nov 6, 2018
64c37fc
Merge remote-tracking branch 'origin/master' into ecs-demo
Nov 6, 2018
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,4 @@ pack
coverage
.nyc_output
.LAST_BUILD
*.swp
3 changes: 2 additions & 1 deletion examples/cdk-examples-typescript/.gitignore
@@ -1,2 +1,3 @@
.LAST_BUILD
*.snk
hello-cdk-ecs/cdk.json
*.snk
@@ -0,0 +1,3 @@
{
"app": "../node_modules/.bin/cdk-applet-js fargate-service.yml"
}
@@ -0,0 +1,5 @@
# applet is loaded from the local ./test-applet.js file
eladb marked this conversation as resolved.
applet: @aws-cdk/aws-ecs:LoadBalancedFargateServiceApplet
image: 'amazon/amazon-ecs-sample'
cpu: "2048"
memoryMiB: "1024"
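Review bot: cpu: "2048" together with memoryMiB: "1024" is not a CPU/memory pair that Fargate accepts (2048 CPU units requires at least 4096 MiB), so this sample is likely to be rejected when the task definition is created; raise memoryMiB or lower cpu to a matching pair. The leading comment also still says the applet is loaded from ./test-applet.js while the applet: line names @aws-cdk/aws-ecs:LoadBalancedFargateServiceApplet, so the comment should be updated or dropped.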
37 changes: 37 additions & 0 deletions examples/cdk-examples-typescript/hello-cdk-ecs/index.ts
@@ -0,0 +1,37 @@
import ec2 = require('@aws-cdk/aws-ec2');
import { InstanceType } from '@aws-cdk/aws-ec2';
import ecs = require('@aws-cdk/aws-ecs');
import cdk = require('@aws-cdk/cdk');

class BonjourECS extends cdk.Stack {
constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
super(parent, name, props);

// For better iteration speed, it might make sense to put this VPC into
// a separate stack and import it here. We then have two stacks to
// deploy, but VPC creation is slow so we'll only have to do that once
// and can iterate quickly on consuming stacks. Not doing that for now.
const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
const cluster = new ecs.Ec2Cluster(this, 'Ec2Cluster', { vpc });
cluster.addDefaultAutoScalingGroupCapacity({
instanceType: new InstanceType("t2.xlarge"),
instanceCount: 3,
});

// Instantiate ECS Service with just cluster and image
const ecsService = new ecs.LoadBalancedEc2Service(this, "Ec2Service", {
cluster,
memoryLimitMiB: 512,
image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
});

// Output the DNS where you can access your service
new cdk.Output(this, 'LoadBalancerDNS', { value: ecsService.loadBalancer.dnsName });
}
}

const app = new cdk.App();

new BonjourECS(app, 'Bonjour');

app.run();
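Review bot: ecs.DockerHub.image("amazon/amazon-ecs-sample") in the LoadBalancedEc2Service props names the image without a tag or digest, so each deployment pulls whatever the registry currently serves as latest. Since examples get copied into real stacks, pin a tag or digest here if the helper accepts one in the name. Minor: the comment above the service says "with just cluster and image", but memoryLimitMiB is passed as well.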
29 changes: 29 additions & 0 deletions examples/cdk-examples-typescript/hello-cdk-fargate/index.ts
@@ -0,0 +1,29 @@
import ec2 = require('@aws-cdk/aws-ec2');
import ecs = require('@aws-cdk/aws-ecs');
import cdk = require('@aws-cdk/cdk');

class BonjourFargate extends cdk.Stack {
constructor(parent: cdk.App, name: string, props?: cdk.StackProps) {
super(parent, name, props);

// Create VPC and Fargate Cluster
// NOTE: Limit AZs to avoid reaching resource quotas
const vpc = new ec2.VpcNetwork(this, 'MyVpc', { maxAZs: 2 });
const cluster = new ecs.FargateCluster(this, 'Cluster', { vpc });

// Instantiate Fargate Service with just cluster and image
const fargateService = new ecs.LoadBalancedFargateService(this, "FargateService", {
cluster,
image: ecs.DockerHub.image("amazon/amazon-ecs-sample"),
});

// Output the DNS where you can access your service
new cdk.Output(this, 'LoadBalancerDNS', { value: fargateService.loadBalancer.dnsName });
}
}

const app = new cdk.App();

new BonjourFargate(app, 'Bonjour');

app.run();
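Review bot: new BonjourFargate(app, 'Bonjour') at the bottom uses the same stack id as new BonjourECS(app, 'Bonjour') in hello-cdk-ecs/index.ts, so deploying both examples to one account and region would target the same stack name and the second deployment would replace the first's resources rather than create its own. Give each example a distinct id, for example 'BonjourFargate'.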
2 changes: 2 additions & 0 deletions examples/cdk-examples-typescript/package.json
Expand Up @@ -28,7 +28,9 @@
"@aws-cdk/aws-cognito": "^0.14.1",
"@aws-cdk/aws-dynamodb": "^0.14.1",
"@aws-cdk/aws-ec2": "^0.14.1",
"@aws-cdk/aws-ecs": "^0.14.1",
"@aws-cdk/aws-elasticloadbalancing": "^0.14.1",
"@aws-cdk/aws-elasticloadbalancingv2": "^0.14.1",
"@aws-cdk/aws-iam": "^0.14.1",
"@aws-cdk/aws-lambda": "^0.14.1",
"@aws-cdk/aws-neptune": "^0.14.1",
2 changes: 1 addition & 1 deletion packages/@aws-cdk/assets/lib/asset.ts
Expand Up @@ -124,7 +124,7 @@ export class Asset extends cdk.Construct {
// for tooling to be able to package and upload a directory to the
// s3 bucket and plug in the bucket name and key in the correct
// parameters.
const asset: cxapi.AssetMetadataEntry = {
const asset: cxapi.FileAssetMetadataEntry = {
path: this.assetPath,
id: this.uniqueId,
packaging: props.packaging,
Expand Up @@ -62,21 +62,21 @@ export abstract class BaseScalableAttribute extends cdk.Construct {
/**
* Scale out or in based on time
*/
protected scaleOnSchedule(id: string, props: ScalingSchedule) {
protected doScaleOnSchedule(id: string, props: ScalingSchedule) {
this.target.scaleOnSchedule(id, props);
}

/**
* Scale out or in based on a metric value
*/
protected scaleOnMetric(id: string, props: BasicStepScalingPolicyProps) {
protected doScaleOnMetric(id: string, props: BasicStepScalingPolicyProps) {
this.target.scaleOnMetric(id, props);
}

/**
* Scale out or in in order to keep a metric around a target value
*/
protected scaleToTrackMetric(id: string, props: BasicTargetTrackingScalingPolicyProps) {
protected doScaleToTrackMetric(id: string, props: BasicTargetTrackingScalingPolicyProps) {
this.target.scaleToTrackMetric(id, props);
}
}
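Review bot: The doc comments on doScaleOnSchedule, doScaleOnMetric and doScaleToTrackMetric do not say why the protected methods carry a do prefix while subclasses expose the unprefixed names (ScalableTableAttribute.scaleOnSchedule calls super.doScaleOnSchedule). Add a sentence to the class doc explaining the naming convention so a later cleanup does not rename them back.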
Expand Up @@ -183,7 +183,7 @@ export class AutoScalingGroup extends cdk.Construct implements cdk.ITaggable, el
vpc: props.vpc,
allowAllOutbound: props.allowAllOutbound !== false
});
this.connections = new ec2.Connections({ securityGroup: this.securityGroup });
this.connections = new ec2.Connections({ securityGroups: [this.securityGroup] });
this.securityGroups.push(this.securityGroup);
this.tags = new TagManager(this, {initialTags: props.tags});
this.tags.setTag(NAME_TAG, this.path, { overwrite: false });
Expand Up @@ -9,7 +9,7 @@ export class ScalableTableAttribute extends appscaling.BaseScalableAttribute {
* Scale out or in based on time
*/
public scaleOnSchedule(id: string, action: appscaling.ScalingSchedule) {
super.scaleOnSchedule(id, action);
super.doScaleOnSchedule(id, action);
}

/**
Expand All @@ -24,7 +24,7 @@ export class ScalableTableAttribute extends appscaling.BaseScalableAttribute {
? appscaling.PredefinedMetric.DynamoDBWriteCapacityUtilization
: appscaling.PredefinedMetric.DynamoDBReadCapacityUtilization;

super.scaleToTrackMetric('Tracking', {
super.doScaleToTrackMetric('Tracking', {
policyName: props.policyName,
disableScaleIn: props.disableScaleIn,
scaleInCooldownSec: props.scaleInCooldownSec,
125 changes: 95 additions & 30 deletions packages/@aws-cdk/aws-ec2/lib/connections.ts
Expand Up @@ -36,11 +36,11 @@ export interface ConnectionsProps {
securityGroupRule?: ISecurityGroupRule;

/**
* What securityGroup this object is managing connections for
* What securityGroup(s) this object is managing connections for
*
* @default No security
* @default No security groups
*/
securityGroup?: SecurityGroupRef;
securityGroups?: SecurityGroupRef[];

/**
* Default port range for initiating connections to and from this object
Expand All @@ -59,68 +59,102 @@ export interface ConnectionsProps {
* establishing connectivity between security groups, it will automatically
* add rules in both security groups
*
* This object can manage one or more security groups.
*/
export class Connections {
export class Connections implements IConnectable {
public readonly connections: Connections;

/**
* The default port configured for this connection peer, if available
*/
public readonly defaultPortRange?: IPortRange;

/**
* Underlying securityGroup for this Connections object, if present
*
* May be empty if this Connections object is not managing a SecurityGroup,
* but simply representing a Connectable peer.
*/
public readonly securityGroup?: SecurityGroupRef;
private readonly _securityGroups = new ReactiveList<SecurityGroupRef>();

/**
* The rule that defines how to represent this peer in a security group
*/
public readonly securityGroupRule: ISecurityGroupRule;
private readonly _securityGroupRules = new ReactiveList<ISecurityGroupRule>();

/**
* The default port configured for this connection peer, if available
*/
public readonly defaultPortRange?: IPortRange;
private skip: boolean = false;

constructor(props: ConnectionsProps) {
if (!props.securityGroupRule && !props.securityGroup) {
throw new Error('Connections: require one of securityGroupRule or securityGroup');
constructor(props: ConnectionsProps = {}) {
this.connections = this;
this._securityGroups.push(...(props.securityGroups || []));

this._securityGroupRules.push(...this._securityGroups.asArray());
if (props.securityGroupRule) {
this._securityGroupRules.push(props.securityGroupRule);
}

this.securityGroupRule = props.securityGroupRule || props.securityGroup!;
this.securityGroup = props.securityGroup;
this.defaultPortRange = props.defaultPortRange;
}

public get securityGroups(): SecurityGroupRef[] {
return this._securityGroups.asArray();
}

/**
* Add a security group to the list of security groups managed by this object
*/
public addSecurityGroup(...securityGroups: SecurityGroupRef[]) {
for (const securityGroup of securityGroups) {
this._securityGroups.push(securityGroup);
this._securityGroupRules.push(securityGroup);
}
}

/**
* Allow connections to the peer on the given port
*/
public allowTo(other: IConnectable, portRange: IPortRange, description?: string) {
if (this.securityGroup) {
this.securityGroup.addEgressRule(other.connections.securityGroupRule, portRange, description);
}
if (other.connections.securityGroup) {
other.connections.securityGroup.addIngressRule(this.securityGroupRule, portRange, description);
if (this.skip) { return; }

}
this._securityGroups.forEachAndForever(securityGroup => {
other.connections._securityGroupRules.forEachAndForever(rule => {
securityGroup.addEgressRule(rule, portRange, description);
});
});

this.skip = true;
other.connections.allowFrom(this, portRange, description);
this.skip = false;
}

/**
* Allow connections from the peer on the given port
*/
public allowFrom(other: IConnectable, portRange: IPortRange, description?: string) {
if (this.securityGroup) {
this.securityGroup.addIngressRule(other.connections.securityGroupRule, portRange, description);
}
if (other.connections.securityGroup) {
other.connections.securityGroup.addEgressRule(this.securityGroupRule, portRange, description);
}
if (this.skip) { return; }

this._securityGroups.forEachAndForever(securityGroup => {
other.connections._securityGroupRules.forEachAndForever(rule => {
securityGroup.addIngressRule(rule, portRange, description);
});
});

this.skip = true;
other.connections.allowTo(this, portRange, description);
this.skip = false;
}

/**
* Allow hosts inside the security group to connect to each other on the given port
*/
public allowInternally(portRange: IPortRange, description?: string) {
if (this.securityGroup) {
this.securityGroup.addIngressRule(this.securityGroupRule, portRange, description);
}
this._securityGroups.forEachAndForever(securityGroup => {
this._securityGroupRules.forEachAndForever(rule => {
securityGroup.addIngressRule(rule, portRange, description);
// FIXME: this seems required but we didn't use to have it. Research.
// securityGroup.addEgressRule(rule, portRange, description);
});
});
}

/**
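Review bot: The skip re-entrancy guard in allowTo and allowFrom is set and cleared around the reciprocal call without try/finally, so if other.connections.allowFrom(...) or allowTo(...) throws, this.skip stays true and every later allowTo/allowFrom on this object returns at the if (this.skip) { return; } line without adding any rule. Wrap the reciprocal call in try/finally and reset skip in the finally branch. The same guard also means that calling allowTo with the object itself as the peer adds only the egress rules, because the nested allowFrom on the same object returns immediately. Separately, the FIXME in allowInternally leaves the egress half undecided; that should be resolved or tracked before release, since it matters for security groups that do not allow all outbound traffic.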
Expand Down Expand Up @@ -192,3 +226,34 @@ export class Connections {
this.allowTo(other, this.defaultPortRange, description);
}
}

type Action<T> = (x: T) => void;

class ReactiveList<T> {
private readonly elements = new Array<T>();
private readonly listeners = new Array<Action<T>>();

public push(...xs: T[]) {
this.elements.push(...xs);
for (const listener of this.listeners) {
for (const x of xs) {
listener(x);
}
}
}

public forEachAndForever(listener: Action<T>) {
for (const element of this.elements) {
listener(element);
}
this.listeners.push(listener);
}

public asArray(): T[] {
return this.elements.slice();
}

public get length(): number {
return this.elements.length;
}
}
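Review bot: ReactiveList and forEachAndForever have no doc comments, yet their behaviour changes what Connections means: a listener registered by allowTo, allowFrom or allowInternally is kept and re-run on every later push, so a security group passed to addSecurityGroup afterwards receives every rule declared earlier. State that on the class and on addSecurityGroup, and note that listeners are never removed.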
2 changes: 1 addition & 1 deletion packages/@aws-cdk/aws-ec2/lib/security-group.ts
Expand Up @@ -24,7 +24,7 @@ export abstract class SecurityGroupRef extends Construct implements ISecurityGro

public abstract readonly securityGroupId: string;
public readonly canInlineRule = false;
public readonly connections = new Connections({ securityGroup: this });
public readonly connections = new Connections({ securityGroups: [this] });

/**
* FIXME: Where to place this??